You can use the wsusutil command-line utility that is provided with Windows Server Update Services (WSUS) 3.0 SP2 to manage WSUS. The wsusutil tool is located in the WSUSInstallDrive:\WSUSInstallDirectory\Tools folder on WSUS servers.

Note

wsusutil is not installed on non-WSUS servers on which the WSUS Administration Console is installed.

Log on to the WSUS server by using an account that is an administrator on the local computer.

Open a command prompt (Cmd.exe) as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, enter the appropriate credentials (if requested), confirm that the action it displays is what you want, and then click Continue.

This command removes the front-end server from the database only. You will need to run wsussetup /u on the front-end server to uninstall WSUS.

export

The first part of the export/import process to synchronize a disconnected downstream WSUS server. Exports update metadata to an export package file. You cannot use this parameter to export update files, update approvals, or server settings.

The output from wsusutil parameterName is usually the current state of the given parameter, for example:

wsusutil healthmonitoring IntervalsInMinutes

Output: Detect interval: 10 min, Refresh interval: 360 min

wsusutil healthmonitoring DiskSpaceInMegabytes

Output: Error level: 200 MB, Warning level: 500 MB

When a health monitoring check parameter (for example, wsusutil healthmonitoringCheckAcls) is set on or off, the output will simply be a warning that the WSUS Service must be stopped and restarted for the change to take effect.

Note

You can set or get only one parameter at a time.

import

The second part of the export/import process. Imports update metadata to a server from an export package file that was created on another WSUS server. This command synchronizes a disconnected destination WSUS server.

This command lists the front-end servers in a network load balancing (NLB) configuration. It can be useful in troubleshooting an NLB configuration and after setting up a new front-end server to make sure that it is configured properly.

listinactiveapprovals

Returns a list of approved update titles that are in a permanently inactive state because of a change in server language settings.

If you change language options on an upstream WSUS server, the number of approved updates on the upstream server may not match the number of approved updates on a replica server. For example, you configure your upstream server to synchronize all languages, then synchronize and approve 300 updates, of which 50 are non-English language updates. Afterward, you change the language setting on the server to English only. Later, a replica server synchronizes from the upstream server and downloads the "active" approvals, which are now only the English language updates (replica servers synchronize only active approvals). At this point, you will see 300 updates approved on the upstream server, but only 250 approved on the replica server. You can use listinactiveapprovals to see a list of the updates on the parent upstream server that are permanently inactive—in this case, the 50 updates that are not English. You do not have to run this command before running the removeinactiveapprovals command.

Syntax: wsusutil listinactiveapprovals

movecontent

Changes the file system location where the WSUS server stores update files, and optionally copies any update files from the original location to the new location

Removes approvals for updates that are in a permanently inactive state because of a change in WSUS server language settings.

Syntax: wsusutil removeinactiveapprovals

reset

You use this command if you store updates locally on your WSUS server, and you want to ensure that the metadata information stored in your WSUS database is accurate.

With this command, you verify that every update metadata row in the WSUS database corresponds to update files that are stored in the local update file storage location on your WSUS server. If update files are missing or have been corrupted, WSUS downloads the update files again. This command might be useful to run after you restore your database, or as a first step when troubleshooting update approvals.

Syntax: wsusutil reset

usecustomwebsite

If set to true, WSUS Setup will use port 8530 for its default website. If you set it to false, WSUS will use port 80.

Syntax: wsusutil usecustomwebsite true

Important

You must use this command before you configure SSL.

If you are installing SharePoint on the same computer as WSUS, the value of usecustomwebsite should be set to true before the installation.

Using this command after running WSUS Setup will fail if the index of the default website is set to a value other than 1.

Healthmonitoring parameters

Parameter

Description

IntervalsInMinutes[DetectInterval] [RefreshInterval]

Sets the values for detect and refresh intervals. If the detect interval is 0, the detect cycle will not run. If the refresh interval is 0, the refresh cycle will not run.

Sets the amount of available disk space (in megabytes) at which a low disk space warning or error event should be logged.

CatalogSyncIntervalInDays[Days]

Sets the number of days that should have passed after synchronization before a warning event is logged.

InstallUpdatesInPercent[WarningPercent][ErrorPercent]

Sets the percentage of update installation failures at which a warning or error event is given.

InventoryInPercent[WarningPercent][ErrorPercent]

Sets the percentage of inventory reporting failures at which a warning or error is given.

SilentClientsInPercent[WarningPercent][ErrorPercent]

Sets the percentage of client computers not reporting to the server at which a warning or error should be given.

SilentClientsInDays[Days]

Sets the number of days that client computers can fail to report before an error should be given.

TargetComputersInPercent[WarningPercent][ErrorPercent]

Sets the maximum percentage of target computers reporting to this server below which a warning or error event should be given. For example, if you set values of 80 and 60, a warning event will be logged if only 80 percent of computers have reported, and an error event will be logged if only 60 percent of computers have reported.

CheckAclson|off

On indicates to check ACLs on the relevant directories.

CheckForLowDiskSpaceon|off

On indicates to check for low disk space.

CheckForCatalogSyncFailureson|off

On indicates to check for catalog synchronization failures.

CheckForContentSyncFailureson|off

On indicates to check for content synchronization failures.

CheckForEmailNotificationFailureson|off

On indicates to check for email notification failures.

CheckSelfUpdateon|off

On: check for client self-update failures.

CheckClientsExiston|off

On indicates to check whether this server has any client computers.

CheckForUpdateInstallFailureson|off

On: check for update installation failures.

CheckForInventoryFailureson|off

On indicates to check for client computers that fail to report inventory.

CheckForSilentClientson|off

On indicates to check for client computers that failed to report to the server.

CheckForTooManyClientson|off

On indicates to check whether the number of client computers is approaching the maximum number allowed.

CheckReportingWebServiceon|off

On indicates to check the Reporting web service.

CheckApiRemotingWebService on|off

On indicates to check the API Remoting web service.

CheckServerSyncWebService on|off

On indicates to check the Server Synchronization web service.

CheckClientWebServiceon|off

On indicates to check the client web service.

CheckSimpleAuthWebServiceon|off

On indicates to check the Simple Authentication web service.

CheckDssAuthWebServiceon|off

On indicates to check the Downstream Server Authentication web service.

Import parameters

Copies the update files from the old location to the new location. The old location is not deleted.

Updates the WSUS database to refer to the new location of the update files.

Ensures that the content and metadata are synchronized. This check is always run, even if the –skipcopy parameter is used.

The destination folder to which update files are moved must be on an NTFS partition. The utility will not try to copy update files if they already exist in the destination folder. The destination folder will have the same permissions that were set for the original folder.

Note

You can use xcopy, the Backup utility, or other methods to copy update files from the old location to the new one. If you copy the files by using a method other than wsusutil, you still need to run wsusutil to perform the second part of the move, which is using the -skipcopy parameter. See the Syntax section for more information.

There are two scenarios in which you might move update files from one WSUS hard disk drive to another:

Install a new hard disk drive on your computer, and then restore the update files from your backup files.

Note

If you have not backed up your update files, WSUSutil.exe downloads the missing files at the end of the content move operation.

Run wsusutil movecontent newLocation, and specify the location for the new hard disk drive. In addition, you specify the –skipcopy parameter, because you are putting the files in the new folder through the backup utility, or the source folder does not exist. The update files will be downloaded at the end of this process.

When the move operation is complete, all the missing files are downloaded.